mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-22 08:29:31 +01:00
Add -iL as a n alternative to --file
This commit is contained in:
parent
d10f66a4c5
commit
75a9c021e5
26
testssl.sh
26
testssl.sh
@ -864,10 +864,11 @@ fileout_insert_warning() {
|
|||||||
# This should only be called if an *extra* warning will be printed (previously: 'fileout <extra_warning_ID> "WARN" '
|
# This should only be called if an *extra* warning will be printed (previously: 'fileout <extra_warning_ID> "WARN" '
|
||||||
# arg1: json identifier, arg2: normally "WARN", arg3: finding
|
# arg1: json identifier, arg2: normally "WARN", arg3: finding
|
||||||
#
|
#
|
||||||
# Also, we have to be careful with any form of mass testing so that a warning won't lead to an invalid
|
# Also, we have to be careful with any form of mass testing so that a warning won't lead to an invalid JSON
|
||||||
# JSON file. As any child will do any check as well (to be reconsidered later), we don't need also the parent
|
# file. As any child will do any check as well (to be reconsidered later), we don't need also the parent to issue
|
||||||
# to issue warnings upfront, see #1169. As a detection we'll use --file as in the children jobs it'll be removed:
|
# warnings upfront, see #1169. As a detection we'll use --file/-iL as in the children jobs it'll be removed:
|
||||||
[[ "$CMDLINE=" =~ --file ]] && return 0
|
[[ "$CMDLINE=" =~ --file ]] && return 0
|
||||||
|
[[ "$CMDLINE=" =~ -iL ]] && return 0
|
||||||
# Note we still have the message on screen + in HTML which is not as optimal as it could be
|
# Note we still have the message on screen + in HTML which is not as optimal as it could be
|
||||||
|
|
||||||
if "$do_pretty_json"; then
|
if "$do_pretty_json"; then
|
||||||
@ -15857,11 +15858,10 @@ help() {
|
|||||||
protocol is <ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql>
|
protocol is <ftp|smtp|lmtp|pop3|imap|xmpp|telnet|ldap|postgres|mysql>
|
||||||
--xmpphost <to_domain> For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
|
--xmpphost <to_domain> For STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
|
||||||
--mx <domain/host> Tests MX records from high to low priority (STARTTLS, port 25)
|
--mx <domain/host> Tests MX records from high to low priority (STARTTLS, port 25)
|
||||||
--file <fname|fname.gnmap> Mass testing option: Reads command lines from <fname>, one line per instance.
|
--file/-iL <fname> Mass testing options: Reads command lines from <fname>, one line per instance.
|
||||||
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch".
|
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch".
|
||||||
Alternatively: nmap output in greppable format (-oG) (1x port per line allowed)
|
Alternatively: nmap output in greppable format (-oG) (1x port per line allowed)
|
||||||
--mode <serial|parallel> Mass testing to be done serial (default) or parallel (--parallel is shortcut for the latter)
|
--mode <serial|parallel> Mass testing to be done serial (default) or parallel (--parallel is shortcut for the latter)
|
||||||
--add-ca <cafile> <cafile> or a comma separated list of CA files will be added during runtime to all CA stores
|
|
||||||
|
|
||||||
single check as <options> ("$PROG_NAME URI" does everything except -E and -g):
|
single check as <options> ("$PROG_NAME URI" does everything except -E and -g):
|
||||||
-e, --each-cipher checks each local cipher remotely
|
-e, --each-cipher checks each local cipher remotely
|
||||||
@ -15910,6 +15910,7 @@ tuning / connect options (most also can be preset via environment variables):
|
|||||||
--sneaky leave less traces in target logs: user agent, referer
|
--sneaky leave less traces in target logs: user agent, referer
|
||||||
--ids-friendly skips a few vulnerability checks which may cause IDSs to block the scanning IP
|
--ids-friendly skips a few vulnerability checks which may cause IDSs to block the scanning IP
|
||||||
--phone-out allow to contact external servers for CRL download and querying OCSP responder
|
--phone-out allow to contact external servers for CRL download and querying OCSP responder
|
||||||
|
--add-ca <cafile> path to <cafile> or a comma separated list of CA files enables test against additional CAs.
|
||||||
|
|
||||||
output options (can also be preset via environment variables):
|
output options (can also be preset via environment variables):
|
||||||
--warnings <batch|off|false> "batch" doesn't ask for a confirmation, "off" or "false" skips connection warnings
|
--warnings <batch|off|false> "batch" doesn't ask for a confirmation, "off" or "false" skips connection warnings
|
||||||
@ -17039,7 +17040,7 @@ run_mx_all_ips() {
|
|||||||
|
|
||||||
# If run_mass_testing() is being used, then create the command line
|
# If run_mass_testing() is being used, then create the command line
|
||||||
# for the test based on the global command line (all elements of the
|
# for the test based on the global command line (all elements of the
|
||||||
# command line provided to the parent, except the --file option) and the
|
# command line provided to the parent, except the --file/-iL option) and the
|
||||||
# specific command line options for the test to be run. Each argument
|
# specific command line options for the test to be run. Each argument
|
||||||
# in the command line needs to be a separate element in an array in order
|
# in the command line needs to be a separate element in an array in order
|
||||||
# to deal with word splitting within file names (see #702).
|
# to deal with word splitting within file names (see #702).
|
||||||
@ -17069,20 +17070,21 @@ create_mass_testing_cmdline() {
|
|||||||
debugme echo "${CMDLINE_ARRAY[@]}"
|
debugme echo "${CMDLINE_ARRAY[@]}"
|
||||||
for cmd in "${CMDLINE_ARRAY[@]}"; do
|
for cmd in "${CMDLINE_ARRAY[@]}"; do
|
||||||
"$skip_next" && skip_next=false && continue
|
"$skip_next" && skip_next=false && continue
|
||||||
if [[ "$cmd" =~ --file ]]; then
|
if [[ "$cmd" =~ --file ]] || [[ "$cmd" =~ -iL ]]; then
|
||||||
# Don't include the "--file[=...] argument in the child's command
|
# Don't include the "--file[=...] or -iL argument in the child's command
|
||||||
# line, but do include "--warnings=batch".
|
# line, but do include "--warnings=batch".
|
||||||
MASS_TESTING_CMDLINE[nr_cmds]="--warnings=batch"
|
MASS_TESTING_CMDLINE[nr_cmds]="--warnings=batch"
|
||||||
nr_cmds+=1
|
nr_cmds+=1
|
||||||
# next is the file itself, as no '=' was supplied
|
# next is the file itself, as no '=' was supplied
|
||||||
[[ "$cmd" == --file ]] && skip_next=true
|
[[ "$cmd" == --file ]] && skip_next=true
|
||||||
elif [[ "$testing_type" == "serial" ]]; then
|
[[ "$cmd" == -iL ]] && skip_next=true
|
||||||
if "$JSONHEADER" && [[ "$cmd" == "--jsonfile-pretty"* ]]; then
|
elif [[ "$testing_type" == serial ]]; then
|
||||||
|
if "$JSONHEADER" && [[ "$cmd" =~ --jsonfile-pretty ]]; then
|
||||||
>"$TEMPDIR/jsonfile_child.json"
|
>"$TEMPDIR/jsonfile_child.json"
|
||||||
MASS_TESTING_CMDLINE[nr_cmds]="--jsonfile-pretty=$TEMPDIR/jsonfile_child.json"
|
MASS_TESTING_CMDLINE[nr_cmds]="--jsonfile-pretty=$TEMPDIR/jsonfile_child.json"
|
||||||
# next is the jsonfile itself, as no '=' was supplied
|
# next is the jsonfile itself, as no '=' was supplied
|
||||||
[[ "$cmd" == --jsonfile-pretty ]] && skip_next=true
|
[[ "$cmd" == --jsonfile-pretty ]] && skip_next=true
|
||||||
elif "$JSONHEADER" && [[ "$cmd" == "--jsonfile"* ]]; then
|
elif "$JSONHEADER" && [[ "$cmd" =~ --jsonfile ]]; then
|
||||||
>"$TEMPDIR/jsonfile_child.json"
|
>"$TEMPDIR/jsonfile_child.json"
|
||||||
MASS_TESTING_CMDLINE[nr_cmds]="--jsonfile=$TEMPDIR/jsonfile_child.json"
|
MASS_TESTING_CMDLINE[nr_cmds]="--jsonfile=$TEMPDIR/jsonfile_child.json"
|
||||||
# next is the jsonfile itself, as no '=' was supplied
|
# next is the jsonfile itself, as no '=' was supplied
|
||||||
@ -17852,7 +17854,7 @@ parse_cmd_line() {
|
|||||||
-q|--quiet)
|
-q|--quiet)
|
||||||
QUIET=true
|
QUIET=true
|
||||||
;;
|
;;
|
||||||
--file|--file=*)
|
--file|--file=*|-iL|-iL=*)
|
||||||
# no shift here as otherwise URI is empty and it bails out
|
# no shift here as otherwise URI is empty and it bails out
|
||||||
FNAME="$(parse_opt_equal_sign "$1" "$2")"
|
FNAME="$(parse_opt_equal_sign "$1" "$2")"
|
||||||
[[ $? -eq 0 ]] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
|
Loading…
Reference in New Issue
Block a user